Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Attackers are abusing AI-powered development platforms like Lovable, Netlify and Vercel to create and host captcha challenge websites as part of phishing campaigns, according to researchers at Trend Micro. “Since January, Trend Micro has observed a rise in fake captcha pages hosted on such platforms,” the researchers write.

CrowdStrike has been named an innovation and growth leader in the 2025 Frost Radar: Cloud Workload Protection Platforms, positioned highest on the Innovation Index among all vendors evaluated. This marks another milestone in our mission to stop breaches with the industry's most unified and comprehensive cloud security solution.

The French luxury conglomerate, Kering, recently confirmed a data breach affecting millions of customers. As a Paris-based luxury group, it has a portfolio of houses in fashion and jewelry. Some of its stable brands include Alexander McQueen, Balenciaga, and Gucci. The cybercriminal group, ShinyHunters, claimed responsibility for the attack. Unlike traditional ransomware groups, which would encrypt the data, they usually monetize by extortion to sell the information on secret forums.

Public sector organizations face unprecedented cybersecurity challenges as artificial intelligence reshapes how adversaries launch attacks. Threat actors now use AI to execute large-scale, highly personalized phishing campaigns, automate the discovery of vulnerabilities, and evade detection faster than traditional defenses can respond.

The modern automation stack makes it almost trivial to connect enterprise tools: By combining these, you can create an “AI agent” that reads a message in Slack, uses an LLM to classify or summarize it, and then creates a new ticket in YouTrack—all in minutes.

It only takes one mistake for an attacker to gain a foothold. One click on a phishing email, one missed patch, or one default password left in place is often all it takes. The problem is not just the initial mistake, but how far it spreads across your systems. This is why cyber risk is now considered the number one threat to business survival. The numbers tell the story. 60% of SMBs close within six months of a breach.

On September 25, 2025, the npm package postmark-mcp, an MCP (Model Context Protocol) server intended to let AI assistants send emails via Postmark, was reportedly modified to secretly exfiltrate email contents by adding a blind-copy (BCC) to an external domain. Current analysis suggests the behavior began around 1.0.16 and persisted in later versions.

From October 14–16, thousands of construction professionals will gather in Houston, Texas, for Procore Groundbreak 2025—one of the industry’s premier events for innovation and collaboration. Egnyte is proud to return as an exhibitor to showcase how our AI-powered platform integrates seamlessly with Procore to deliver smarter, more secure ways to manage project and business data.

Rate this post Last Updated on September 25, 2025 by Narendra Sahoo The world of payment security never stands still, and neither does PCI DSS. PCI DSS 4.0.1 Compliance is now the latest update that is the new talk of the town. Don’t worry it’s not that massive and heavy on changes but it is here to make a remarkable difference in transparency and finance.

Modern digital supply chains are increasingly complex and vulnerable. In this episode of Security Matters, host David Puner is joined by Retsef Levi, professor of operations management at the MIT Sloan School of Management, to explore how organizations can “sense the signals” of hidden risks lurking within their software supply chains, from open source dependencies to third-party integrations and AI-driven automation.